Data security remains a high priority for any business or enterprise that transmits personal or confidential information remotely, such as over the internet. A critical portion of data security is authentication. User-authentication procedures can range from a simple username and password to a fully managed device that is enrolled in a system—such as an Enterprise Mobility Management (“EMM”) or Mobile Device Management (“MDM”) system—and uses preinstalled files or software to authenticate the device with the system.
EMM systems offer increased security by obtaining information about the type of device being connected to the network and then installing software on the device that monitors and manages connections to secure resources. EMM systems can install a profile that identifies the device to a back-end server whenever the device makes a request. Some users, however, may want to use an application that does not allow use of a profile. For example, users might use third-party mail clients that lack the ability to integrate with device profiles provided by an EMM system.
Authentication with a third-party mail client can therefore use a simple username and password to access a mail server. However, access requests from these third-party mail clients can come from unenrolled devices that are not known to the system. As a result, the enterprise or mail systems are unable to identify the device to determine whether it should be denied access, and simply deny access to any device having an identifier that is not previously known to the system. Users, however, would like to use third-party mail clients or unenrolled devices without being denied access. At the same time, administrators would like more security than simply granting access to any device that provides a request with the proper username and password. For example, it would be desirable to deny e-mail access to a device that is jailbroken or otherwise compromised, even if the user has the correct username and password.
As a result, a need exists for improved methods of providing access to a server, including providing application-specific access, while maintaining a high level of security.